Move k8s client setup to the constructor

2026-01-11 14:30:42 +01:00 · 2021-04-06 09:59:10 +02:00
parent eb5fe7944b
commit 6e67d5b87c
2 changed files with 36 additions and 22 deletions
--- a/cmd/main.go
+++ b/cmd/main.go
@@ -60,9 +60,9 @@ func main() {

 	glog.Infof("Running with config: %+v", parameters)

-	whsvr := &WebhookServer{
-		config: &parameters,
-		server: &http.Server{
+	whsvr, err := NewWebhookServer(
+		&parameters,
+		&http.Server{
 			Addr: fmt.Sprintf(":%v", parameters.port),
 			// This is quite inefficient as it loads file contents on every TLS ClientHello, but ¯\_(ツ)_/¯
 			TLSConfig: &tls.Config{GetCertificate: func(info *tls.ClientHelloInfo) (*tls.Certificate, error) {
@@ -71,6 +71,9 @@ func main() {
 				return &cert, err
 			}},
 		},
+	)
+	if err != nil {
+		glog.Exitf("Could not create the Webhook server: %v", err)
 	}

 	// define http server and server handler
--- a/cmd/webhook.go
+++ b/cmd/webhook.go
@@ -30,6 +30,7 @@ var (
 type WebhookServer struct {
 	server *http.Server
 	config *WhSvrParameters
+	client *kubernetes.Clientset
 }

 // Webhook Server parameters
@@ -57,6 +58,26 @@ var (
 	}
 )

+func NewWebhookServer(parameters *WhSvrParameters, server *http.Server) (*WebhookServer, error) {
+	config, err := rest.InClusterConfig()
+	if err != nil {
+		glog.Errorf("Could not create k8s client: %v", err)
+		return nil, err
+	}
+	clientset, err := kubernetes.NewForConfig(config)
+	if err != nil {
+		glog.Errorf("Could not create k8s clientset: %v", err)
+		return nil, err
+	}
+
+	return &WebhookServer{
+		config: parameters,
+		server: server,
+		client: clientset,
+	}, nil
+
+}
+
 func DefaultParametersObject() WhSvrParameters {
 	return WhSvrParameters{
 		port:                           8443,
@@ -126,22 +147,12 @@ func getCurrentNamespace() string {

 func (whsvr *WebhookServer) ensureSecrets(ar *v1beta1.AdmissionReview) error {
 	glog.Infof("Ensuring existing secrets")
-	namespace := ar.Request.Namespace
+	targetNamespace := ar.Request.Namespace

-	config, err := rest.InClusterConfig()
-	if err != nil {
-		glog.Errorf("Could not create k8s client: %v", err)
-		return err
-	}
-	clientset, err := kubernetes.NewForConfig(config)
-	if err != nil {
-		glog.Errorf("Could not create k8s clientset: %v", err)
-		return err
-	}
 	currentNamespace := getCurrentNamespace()

 	glog.Infof("Looking for the source secret")
-	sourceSecret, err := clientset.CoreV1().Secrets(whsvr.config.sourceImagePullSecretNamespace).Get(whsvr.config.sourceImagePullSecretName, metav1.GetOptions{})
+	sourceSecret, err := whsvr.client.CoreV1().Secrets(whsvr.config.sourceImagePullSecretNamespace).Get(whsvr.config.sourceImagePullSecretName, metav1.GetOptions{})
 	if err != nil {
 		glog.Errorf("Could not fetch source secret %s in namespace %s: %v", whsvr.config.sourceImagePullSecretName, currentNamespace, err)
 		return err
@@ -149,23 +160,23 @@ func (whsvr *WebhookServer) ensureSecrets(ar *v1beta1.AdmissionReview) error {
 	glog.Infof("Source secret found")

 	glog.Infof("Looking for the existing target secret")
-	secret, err := clientset.CoreV1().Secrets(namespace).Get(whsvr.config.targetImagePullSecretName, metav1.GetOptions{})
+	secret, err := whsvr.client.CoreV1().Secrets(targetNamespace).Get(whsvr.config.targetImagePullSecretName, metav1.GetOptions{})
 	if err != nil && !errors.IsNotFound(err) {
-		glog.Errorf("Could not fetch secret %s in namespace %s: %v", whsvr.config.targetImagePullSecretName, namespace, err)
+		glog.Errorf("Could not fetch secret %s in namespace %s: %v", whsvr.config.targetImagePullSecretName, targetNamespace, err)
 		return err
 	}

 	if err != nil && errors.IsNotFound(err) {
 		glog.Infof("Target secret not found, creating a new one")
-		if _, createErr := clientset.CoreV1().Secrets(namespace).Create(&corev1.Secret{
+		if _, createErr := whsvr.client.CoreV1().Secrets(targetNamespace).Create(&corev1.Secret{
 			ObjectMeta: metav1.ObjectMeta{
 				Name:      whsvr.config.targetImagePullSecretName,
-				Namespace: namespace,
+				Namespace: targetNamespace,
 			},
 			Data: sourceSecret.Data,
 			Type: sourceSecret.Type,
 		}); createErr != nil {
-			glog.Errorf("Could not create secret %s in namespace %s: %v", whsvr.config.targetImagePullSecretName, namespace, err)
+			glog.Errorf("Could not create secret %s in namespace %s: %v", whsvr.config.targetImagePullSecretName, targetNamespace, err)
 			return err
 		}
 		glog.Infof("Target secret created successfully")
@@ -174,8 +185,8 @@ func (whsvr *WebhookServer) ensureSecrets(ar *v1beta1.AdmissionReview) error {

 	glog.Infof("Target secret found, updating")
 	secret.Data = sourceSecret.Data
-	if _, err := clientset.CoreV1().Secrets(namespace).Update(secret); err != nil {
-		glog.Errorf("Could not update secret %s in namespace %s: %v", whsvr.config.targetImagePullSecretName, namespace, err)
+	if _, err := whsvr.client.CoreV1().Secrets(targetNamespace).Update(secret); err != nil {
+		glog.Errorf("Could not update secret %s in namespace %s: %v", whsvr.config.targetImagePullSecretName, targetNamespace, err)
 		return err
 	}
 	glog.Infof("Target secret updated successfully")